PayProp and Reapit – Who are we?

PayProp, a Reapit company, offers a tech platform for letting agents that lets them automate every part of the rental transaction. PayProp is easier to use and more powerful than solutions by banks and traditional software vendors.

We’re a seasoned team of professionals with expertise in property, banking, finance, risk management and technology, as well as building and managing highly secure cloud-based Web applications.

Worldwide, Reapit technology is used by over 78,000 agents in more than 15,000 branches, with over a million properties under management; enabling them to run their businesses, identify opportunities for growth, manage their properties, collect rent, communicate with their clients, and deliver an outstanding customer experience, every time.

What you’ll be doing

Reporting to the Group Head of Compliance, the Group Data Compliance Coordinator (DCC) will be responsible for implementing and maintaining a robust data privacy framework across all jurisdictions in which the Group operates.

Working closely with each jurisdiction’s designated Data Protection Officer (DPO), the Head of Compliance, the Chief Legal Officer, and the Risk Manager, the DCC will oversee data privacy compliance, manage risk, and ensure that the Group's standards are upheld across all data protection activities.

Key responsibilities include:

1. Develop and Maintain Compliance Framework
   Create and sustain a comprehensive data privacy compliance framework, encompassing policies, procedures, and guidelines tailored to meet the specific regulatory requirements of each jurisdiction.
2. Stay Informed on Data Protection Legislation
   Monitor changes in data protection laws and regulations, advising the organisation on the implications for cross-border operations.
3. Primary Support for DPOs
   Act as the main support resource for DPOs in each jurisdiction, handling inquiries and requests from regulators and data subjects promptly and ensuring responses meet compliance standards.
4. Implement Technical and Organisational Measures (TOMs)
   Develop, implement, and maintain TOMs across jurisdictions to align with both local requirements and Group-wide data privacy standards.
5. Manage Privacy Assessments
   Oversee Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (TIAs), identifying and mitigating privacy risks.
6. Lead Data Breach Responses
   Manage responses to data breaches, ensuring timely notifications to regulatory authorities and affected individuals as legally required.
7. Maintain Data Breach Response Plan
   Develop, implement, and maintain a Data Breach Response Plan, ensuring all Group entities are prepared to respond effectively to incidents.
8. Conduct Post-Incident Reviews
   Collaborate with relevant DPOs, the Head of Compliance, the Group Risk Manager, and others to conduct reviews after incidents and implement corrective actions to mitigate future risks.
9. Manage Data Subject Access Requests (DSARs)
   Handle DSARs, ensuring responses are timely and accurate to meet legal obligations.
10. Ensure Effective Handling of Data Subject Rights Requests
    Establish processes for handling requests relating to data erasure, portability, and rectification in a compliant and efficient manner.
11. Deliver Data Privacy Training
    Design and deliver training programmes on data privacy for all departments and jurisdictions, raising awareness and ensuring compliance.
12. Monitor Vendor and Partner Compliance
    Assess and monitor data protection practices of vendors and partners, focusing on higher-risk areas to ensure alignment with the Group’s privacy policies and effective risk mitigation.
13. Support Vendor Onboarding
    Participate in the evaluation and onboarding of new third-party vendors, ensuring compliance with relevant SOPs and privacy policies.
14. Report on Data Protection Status
    Provide regular reports to the board and senior management, offering insights into data protection status, associated risks, and areas for improvement.
15. Maintain Documentation
    Keep detailed records of all data privacy activities to ensure readiness for internal audits or regulatory inspections.

This role is vital in upholding the Group’s commitment to data privacy and ensuring the compliance of its operations across diverse jurisdictions.

Who we’re looking for

At PayProp, we prioritise hiring individuals who share our values and possess the right attitudes and behaviours for success. Whilst some of the listed requirements may be important, don’t worry if you don’t meet all of them, we’d still like to hear from you.

1. Tertiary-level education, for example in Law, Information Security, or a related field.
2. Professional certifications such as CIPP/E, CIPM, or CIPT are preferred
3. A minimum of 5 years’ experience in data protection, privacy, or a related legal compliance role within a multinational or technology-driven environment.
4. Experience in managing data breaches, conducting DPIAs, and handling DSARs.
5. Strong knowledge of data privacy laws and best practices, with a focus on practical compliance.
6. Excellent communication skills, with the ability to clearly explain complex regulatory concepts to non-legal stakeholders.
7. Strong organisational and project management skills, with the ability to handle multiple tasks in a fast-paced environment.
8. High ethical standards and a proactive approach to risk identification and management.
9. Self-starter with the ability to work independently, while also demonstrating a collaborative mindset and the ability to work effectively with cross-functional teams.

What your impact and success look like

As a DCC we expect your success and impact in the early stages of your career with us to look something like this:

Within 1 month:

1. Familiarise yourself with the Group’s data privacy framework, as well as local and international data protection regulations relevant to our operations.
2. Establish key working relationships with the Group Head of Compliance, Chief Legal Officer, Group Risk Manager, and Data Protection Officers (DPOs) across jurisdictions.
3. Conduct an initial review of all ongoing compliance initiatives, with a focus on current data privacy policies, technical and organisational measures (TOMs), and outstanding action items.

Within 3 months:

1. Begin monitoring and maintaining data privacy compliance documentation, including Data Protection Impact Assessments (DPIAs) and Data Processing Agreements (DPAs), providing recommendations for improvement as necessary.
2. Coordinate responses for any Data Subject Access Requests (DSARs) received, working with local DPOs to ensure timely and compliant handling.
3. Initiate a training schedule for relevant employees on updated data privacy policies and best practices, with a focus on awareness and practical application within the organisation.

Within 6 months:

1. Fully establish processes for periodic privacy risk assessments across all vendors and partners, working to align third-party practices with the Group’s privacy policies.
2. Lead post-incident reviews for any data-related incidents in collaboration with local DPOs, implementing corrective actions and enhancing the Data Breach Response Plan.
3. Deliver your first report to senior management, providing insight into compliance status, identified risks, and progress on key data protection initiatives.

What’s in it for you?

We operate a Flexible Working Policy, and we would like for you to work from our Stellenbosch offices 2 days a week.

We’re offering the chance to really make a difference here at PayProp and the opportunity for personal growth is very real. You’ll feel part of a special team.

You can expect a highly competitive salary and benefits include:

1. An optional Group Retirement Annuity Scheme.
2. Off on weekends and official South African public holidays, plus 20 working days paid annual leave.

Don’t tick all the boxes? Neither do we

We care about our industry and want it to become a more inclusive and diverse place to work. So, we’re driven by hiring not only by experience and relevance for the role but by sharing our values and the right attitudes and behaviours for success.

We are committed to Equal Employment Opportunity through attracting and retaining a complementary team of employees and building an inclusive environment for all.

We feel we have an empowering environment where everyone is supported and respected, and we want you to feel this too. We welcome new ideas, thinking and approaches, whilst listening to all our employees.